Tuesday, March 05, 2019

How To Fix Pod Mounted PV Permission Issues on OKE

Symptom:

  We are building database services on OKE. The default OKE (Oracle Kubernetes Engine) storage class is oci, which is an OCI block volume. If the manifest does not specify a storageClassName, OKE automatically creates a block volume as the persistent volume, formats it and attaches it to the pod, which is very convenient.
However, we hit a permission problem: the filesystem OKE creates on the volume is owned by root, while the Docker image runs as user oracle with uid 54321. Database creation fails because that user cannot write to the mount point.

Solution:

  It is not good practice for the image itself (a chown in the Dockerfile or an entrypoint running as root) to change the ownership of a host-mounted volume; that gives the container more privilege than the database needs. Instead, the manifest can tell OKE to mount the volume with the right ownership through the pod's security context. For more details, refer to the Kubernetes security context documentation.
Add the following under the pod spec of the manifest; in this case 54321 is the uid/gid the image runs as:

securityContext:
  runAsUser: 54321
  fsGroup: 54321

runAsUser makes the container process run as uid 54321. fsGroup makes the kubelet change the group of the mounted volume to gid 54321, grant the group read/write access with the setgid bit set, and add 54321 to the process's supplementary groups, so the oracle user can create files on the volume.
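As an added example (not from the original post), here is a complete manifest that puts the security context in place: a PersistentVolumeClaim on the oci storage class and a Pod that mounts it. The image name, volume size and mount path are placeholders and must be changed for a real deployment.

```yaml
# Added example, not the original post's manifest. The PVC requests an OCI
# block volume through the default "oci" storage class; the Pod mounts it
# with the ownership the image's oracle user (uid/gid 54321) needs.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: oradata
spec:
  storageClassName: oci        # OKE default: an OCI block volume formatted by the node
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi            # placeholder size
---
apiVersion: v1
kind: Pod
metadata:
  name: oracledb
spec:
  securityContext:
    runAsUser: 54321           # container process runs as the image's oracle user
    fsGroup: 54321             # kubelet chgrps the volume to this gid and sets the setgid bit
  containers:
    - name: db
      image: example.registry/oracle/database:19.3.0   # placeholder image name
      volumeMounts:
        - name: oradata
          mountPath: /opt/oracle/oradata              # placeholder mount path
  volumes:
    - name: oradata
      persistentVolumeClaim:
        claimName: oradata
```

To confirm the fix took effect, run `kubectl exec oracledb -- sh -c 'id; ls -ld /opt/oracle/oradata'`: `id` should report uid 54321 with 54321 among the groups, and the mount point should show group 54321 with mode drwxrwsr-x (group writable, setgid). Two caveats: fsGroup only helps on volumes whose ownership Kubernetes manages, which block volumes with a filesystem are, but shared filesystems such as NFS are generally not; and because the kubelet walks the whole volume on each pod start, very large volumes can be slow to mount, which newer Kubernetes releases address with fsGroupChangePolicy: OnRootMismatch.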
